The Australian Signals Directorate’s (ASD) Australian Cyber Security Centre (ACSC) has issued a critical alert on the active exploitation in Australia of a critical vulnerability affecting cPanel/WHM products.
cPanel provides a control panel for server and website management; WebHost Manager (WHM) is a web-based tool which is used for server administration.
The vulnerability is an authentication bypass, which can allow unauthenticated remote attackers to gain access to the control panel, as well as conduct remote code execution (RCE).
The vulnerability affects all versions after 11.40, which was released in 2013.
Patches have been released as of 30 April 2026.
ASD’s ACSC does not have information to indicate that a specific industry or sector is being targeted.
ASD’s ACSC advises organisations to review networks and environments for use of vulnerable versions of cPanel and WHM products; review the need to continue to have the interface exposed to the internet; and apply patches as soon as practicable, if required.
It also advises organisations to monitor for suspicious activity. The vendor has released Indicator of Compromise (IoC) detection scripts, which may assist in detecting compromise.




